2

I am trying to connect a domain name I got from Google Domains to a Google Cloud Platform VM instance. My domain is .dev and when I tried nslookup and dig trace, they are already pointing to the right IP address. Accessing the website using this IP works fine. I just cannot access the same website via the domain name.

The following is the configuration I did:

In my VM instance (Compute Engine API):

  • Enabled http and https traffic
  • Has network tags http-server and https-server

In VPC networks API:

  • Made my external IP static
  • Firewall at tcp:443 allows traffic (default-allow-https rule)
  • When I tried running "netstat -tulpn | grep LISTEN", port 443 is not shown in the list. Webserver may not be listening to port 443

In Network Services API:

  • Added record sets for A and CNAME matching the DNS from Google Domains and external IP from VM instance

In Google Domains:

  • Modified the name servers to be the same as those from Network Services API Registrar Setup values (added under the custom name server tab)

Screenshots: Firewall screenshot Network Zone screenshot VM setup concerning firewall

Please understand that I do not have a networking background. Thank you so much for helping!

Marky
  • 51

1 Answer

1

Answer based on the comments of @John Hanley:

  1. A website with a .dev domain name extension requires port 443 to be open. Check that the web server is listening to this port by running netstat -tulpn | grep LISTEN.

  2. Since (as stated in the question above) port 443 does not appear in the list, configure your web server to listen to port 443. In my case, I am using nginx as my server so I edited the file in /etc/nginx/nginx.conf to make my server listen to port 443.

  3. At this point, trying to access the website will return an error that you don't have an SSL certificate. So create one. I used certbot for this to generate the ssl certificate and key.

  4. Go back to the nginx.conf file and switch ssl on, add the ssl cert and key. It should look something like this:

    ...
    server {
        server_name example.com www.example.com;
        # TLS is enabled with the ssl parameter of listen;
        # the separate "ssl on;" directive is deprecated.
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        location / {
            ...
        }
        ...
    }
    ...

  5. Restart the server (sudo systemctl restart nginx)
Marky
  • 51
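The checks walked through in the answer above (is anything listening on 443, is TLS enabled on that listener, do the certificate and key belong together), as an added Python example that is not part of the original post. The function names and sample inputs are constructed for illustration, and the same-directory test is a heuristic that assumes certbot's `live/<name>/` layout.

```python
import re

# Constructed sample inputs, not taken from a real host.
SAMPLE_NETSTAT = "tcp  0  0 0.0.0.0:80  0.0.0.0:*  LISTEN  901/nginx: master\n"
SAMPLE_CONF = """
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
}
"""

def listening_ports(netstat_output):
    """TCP ports in LISTEN state, parsed from `netstat -tulpn` output."""
    rows = [ln.split() for ln in netstat_output.splitlines() if ln.startswith("tcp")]
    return {int(r[3].rsplit(":", 1)[1]) for r in rows if len(r) >= 6 and r[5] == "LISTEN"}

def server_blocks(conf):
    """Yield each `server { ... }` body (naive brace matching; comments not handled)."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += (conf[i] == "{") - (conf[i] == "}")
            i += 1
        yield conf[m.end():i - 1]

def check_https(conf, netstat_output):
    """Findings that keep an HTTPS-only (.dev) site unreachable or misconfigured."""
    findings = []
    if 443 not in listening_ports(netstat_output):
        findings.append("nothing listening on tcp/443")
    for body in server_blocks(conf):
        d = re.findall(r"^\s*(\w+)\s+([^;{]+);", body, re.M)  # (directive, args) pairs
        on443 = [a.split() for n, a in d if n == "listen" and re.search(r"(^|:)443$", a.split()[0])]
        if not on443:
            continue  # this block does not serve port 443
        args = dict(d)
        if args.get("ssl") == "on":
            findings.append("'ssl on;' is deprecated, use 'listen 443 ssl;'")
        elif not any("ssl" in a[1:] for a in on443):
            findings.append("listen 443 has no ssl parameter")
        cert, key = args.get("ssl_certificate"), args.get("ssl_certificate_key")
        if not (cert and key):
            findings.append("ssl_certificate or ssl_certificate_key missing")
        elif cert.rsplit("/", 1)[0] != key.rsplit("/", 1)[0]:
            # Heuristic: certbot keeps a matching pair in one live/<name>/ directory.
            findings.append("certificate and key are in different directories")
    return findings
```

Calling `check_https(SAMPLE_CONF, SAMPLE_NETSTAT)` returns three findings; on a real host the inputs would be the nginx configuration text and the output of `netstat -tulpn`.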